Document data identity verifying apparatus

ABSTRACT

An object of the present invention is to provide a document data identity verifying technology which is capable of easily manage identity of data in a file generated from the original data. An apparatus includes: an I/O unit  15  which receives document data in a first format from a creation source of the document data and receives the document data in the first format from the reception source of the document data or the document data converted into another format; a format management unit  100  which converts the received document data in the first format into another format according to a preset conversion definition; an irreversible cipher management unit  105  which generates an irreversible cipher on the received document data; and an irreversible cipher verification unit  110  which verifies the irreversible cipher generated based on the document data in the first format received from the creation source or the document data converted into another format by the format management unit  100  and an irreversible cipher generated based on the document data received from the reception source; wherein identity of the document data received from the creation source and the document data received from the reception source is validated according to the verification results.

CLAIMS OF PRIORITY

The present application claims prority from Japanese application serialno. JP2004-351495, filed on Dec. 3, 2004, the content of which is herebyincorporated by reference into this application.

BACKGROUND OF THE INVENTION

The present invention relates to a technology for verifying identity ofdocument data, and more specifically to a technology for verifyingidentity of document data that can manage identity of data stored in afile created from the original data. It should be noted that the term“identity” referred to in this specification shall simply havecapability of detecting falsification of document data, and it shall nothave to secure exactly the same data.

Conventionally, to distribute data upon confirming authenticity of datacreated by the data creation source and the identity of the datacreation source as well, it was necessary to apply an electronicsignature, etc. to the file created in the file format that wasspecified at the time of creating the data.

Suppose a case, for example, where business connections exist amongcompanies A, B and C and data passing is conducted in this order, inwhich only document data of a first format (Excel (registered mark)data) is provided by the company A, and document data of a second and athird formats (XML (registered mark) data and PDF (registered mark)data) are required by the company B and the company C, respectively.

In such a case, normally, the company A puts an electronic signature onthe Excel file created within the company and provides the file to thecompany B. The company B, after verifying the signature of the companyA, converts the file to XML data, puts an electronic signature of thecompany on the Excel file provided by the company A, and then providesthe file to the company C. Likewise, the company C, after verifying thesignature of the company B, verifies the signature of the company A'sdata, and converts the data into the PDF format to manage the files. Itshould be noted that, for the example case, verification will not bepossible after the expiry date of the certification. Prior arts thatstate the above-stated procedures include Japanese Patent Laid-open Nos.8-329050 and 2003-22009 and U.S. Patent Application Publication No.2004/139207.

SUMMARY OF THE INVENTION

The prior arts require bothersome processes such as identification of auser himself or herself, management of a key thereof, and furthervalidity confirmation to a certificate authority, etc. to assuresecurity. In addition, the prior arts require personal or system burdenssuch as caring for expiration of the certificate.

In addition, in many cases, the file format of data sent and received isinadequate for capturing and processing in the system. When this is thecase, a user who received the data is required to convert data at theuser's risk. Therefore, when relaying of data of the creation source isconducted, the processing will be complicated.

The present invention has been made in view of the above-statedproblems, and an object of the present invention is to provide atechnology for verifying identity of document data that can easilymanage identity of data in a file created from the original data.

The present invention manages versatile file formats that are createdfrom common data by using irreversible symbols such as hash values andverifies authenticity of data through comparison using a random fileformat. In addition, the present invention includes provision of data ina file format required. It should be noted that, more specifically, thefollowing apparatus is adopted.

The present invention is configured to include: an I/O unit whichreceives document data in a first format from a creation source of thedocument data and receives the document data in the first format or thedocument data which is converted in another format from a receptionsource of the document data; a format management unit which converts thedocument data in the first format received into another format accordingto a preset conversion definition; an irreversible cipher managementunit which generates an irreversible cipher on the document datareceived; and an irreversible cipher verification unit which verifies anirreversible cipher that is generated based on the document data in thefirst format received from the creation source or the document dataconverted into another format by the format management unit and anirreversible cipher that is generated based on document data receivedfrom a reception source; wherein identity of the document data receivedfrom the creation source and the document data received from thereception source is validated.

Since it has the configuration stated above, the present invention canprovide a technology for verifying identity of document data which caneasily manage identity of data in a file that is created from theoriginal data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram illustrating a document data identityverifying apparatus according to a preferred embodiment of the presentinvention;

FIG. 2 is a detailed diagram illustrating a data identity verificationdevice 10;

FIG. 3 is a diagram illustrating a specific example of a file recorder45;

FIG. 4 is a diagram illustrating a specific example of an identity datarecorder 50;

FIG. 5 is a diagram specifically illustrating a conversion definitionrecorder 55;

FIG. 6 is a flow chart illustrating processing of the data identityverification device 10;

FIG. 7 is a flow chart illustrating processing of a format managementfunction 100;

FIG. 8 is a flow chart illustrating processing of an irreversible ciphermanagement function 105; and

FIG. 9 is a flow chart illustrating processing of an irreversible cipherverification device 110.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, a specific embodiment of the invention will be describedwith reference to the accompanying drawings. FIG. 1 is a schematicdiagram illustrating a document data identity verifying apparatusaccording to the preferred embodiment of the present invention.

First, the company A, which is the creation source of data, operates aterminal device 60 and registers document data in a format 1 (excel)that is created by the company itself with a third-party institution Y(Step S1). The document data registered is format-converted in theidentity verification device 10 to create a document 2, a document 3, upto a document Z, which are document data in a format 2, a format 3, upto a format Z, respectively (Step S2). Then, an irreversible cipher (ahash value) is created for each of the document 2, the document 3, up tothe document Z created (Step S3).

The company A, which is the creation source of the above-stated data,transmits the document data created in format 1 (excel) to the company B(Step S4). The company B transmits the document data (excel) received tothe data identity verification device 10 (Step S5). The identityverification device 10 creates a hash value based on the document datareceived (excel) and compares the hash value thus created and the hashvalue of the document 1 (excel) created in the Step S3 (Step S6).Matching of the two hash values implies that identity of the documentdata that the company B received from the company A in Step 4 and thedocument data that the company A registered with the third-partyinstitution Y in Step 1 has been confirmed. Following the confirmationof identity, the identity verification device 10 transmits, for example,the document Z, which is a document converted into the format Z (XML),to the company B (Step S7). The company B receives the document Z. Thedocument Z received is created by the identity verification device 10based on the document data in format 1 (excel) that is created by thecompany A; therefore, the identity of the document Z with the documentdata in format 1 (excel) created by the company A is guaranteed by theidentity verification device 10.

The company C receives the document data in format 1 (excel) from thecompany B. The company C which received the document data can obtaindocument data (PDF, for example) whose identity with the document datain format 1 (excel) created by the company A is guaranteed by theidentity verification device 10 by executing processing of Steps 6, 7and 8 as is the case with the company B.

FIG. 2 is a detailed diagram illustrating a data identity verificationdevice 10. Referring to FIG. 2, the data identity verification device 10includes an I/O unit 15, a processor 25 and a recorder 30. The recorder30 includes a format management function 100, an irreversible ciphermanagement function 105 and an irreversible cipher verification function110. It should be noted that each of these functions is configured as aprocessor that is achieved by a program.

Further, in the data identity verification device 10, recorders 45, 50and 55, an irreversible cipher processor 40 and a format conversionprocessor 41 are connected to one another. The data identityverification device 10 refers to and updates these recorders 45, 50 and55 as required and further requests the irreversible cipher processor 40and the format conversion processor 41 for processing.

Hereinafter, each component of the data identity verification device 10will be described. The I/O unit 15 inputs and outputs data with aterminal device 60, the recorders 45, 50 and 55, the format conversionprocessor 41 and the irreversible cipher processor 40, which areconnected to the I/O unit 15 via a network. The file recorder 45 storesthe original file, a converted file in which the original is convertedand file data that are transmitted from the above-stated company A, forexample.

FIG. 3 is a diagram illustrating a specific example of the file recorder45. File information is stored with a registrant ID, a registrant, afile extension and an irreversible cipher associated with the fileitself. It should be noted that a recorder that stores and manages theinformation with related IDs associated with the information isseparately required, but the recorder will not be shown in the figure.

The registrant referred to here is a person who actually registered afile, and registration is carried out in two cases: a case where a filethat is registered by the registrant (hereinafter referred to as an“original file”) is registered; and a case where a file that isprocessed to convert an original file into a file format that can beused by another application. The registrant for the latter case is asystem. A file extension is used to identify an application that isassociated with the registered file, and is shown by the last threeEnglish letters (in the case of htm, the extension may sometimes behtml) of the file name. For example, if it is “htm”, the extension showsa file format that can be displayed by a Web browser. If it is “doc”,the extension shows the file supports the Word application. Theirreversible cipher will be described later.

FIG. 4 is a diagram illustrating a specific example of the identity datarecorder 50. The identity data recorder 50 is a recorder that stores avalue converted by using a hash algorithm (which is called a hash value)after the hash value is associated with the original file. In theidentity data recorder 50, data obtained by converting the original fileinto a hash value and data obtained by converting a file that isconverted into different format from the original file into a hash valueare stored in an associated manner. Specifically, for example, dataobtained by converting a certain original file into a hash value isstored in a field called an original file irreversible cipher, and dataobtained by converting the original file into hash values of files thatare converted into a plurality of different file formats are stored asan irreversible cipher 1, an irreversible cipher 2, and so on.

FIG. 5 shows a diagram specifically describing the conversion definitionrecorder 55. The conversion definition recorder 55 is a recorder thatstores a file format by associating the format with a conversion fileformat that is adequate for the file format of the original file. In theconversion definition recorder 55, a file format of the original fileand a file format that is convertible from the file format areassociated with each other for storage. Referring to FIG. 5, the “htm”which exists in the field “conversion source”, for example, implies thatthe original file is a file format that can be displayed on a Webbrowser. In addition, as a file format that is convertible from the fileformat is associated with the “doc” (corresponding to the “Word”application, in this case) that exists in the field of a conversionformat 1, and with the “pdf” (corresponding to an application thatsupports a pdf file) that exists in the field of a conversion format 2.A symbol in each field indicates a file extension, and the symbol can beused in an application that supports the extension. In addition, it mayalso be arranged that association of the conversion source with theconversion format can be randomly set.

In the irreversible cipher processor 40, an irreversible cipher functionstays resident to convert a file inputted into an irreversible cipher.The irreversible cipher function is used to convert data having anylength into a length in fixed value of irreversible nature by applying aone-way arithmetic function thereto. Such a function is called a hashalgorithm. Incidentally, while a hash algorithm is adopted in thisembodiment, however, the embodiment is not limited to such an algorithm.It may be another algorithm that generates a value that is difficult forthe original file to generate or presume.

In the format conversion processor 41, a plurality of conversionprograms stay resident, and the format conversion processor 41 outputs afile in which an inputted file format is converted to a designated fileformat. The conversion programs referred to here mean applications suchas spread sheet software or a word processor, or otherwise, programsthat only execute conversion off a certain format into another format.The format conversion processor 41 requires a separate recorder thatmanages an appropriate conversion program based on an extension thatindicates a format of the original file and an extension that indicatesa conversion format. However, with the embodiment, such a recorder isnot shown in FIG. 5.

As stated in the above, a description has been made of recorders thatare connected to the data identity verification device 10. Note that,however, these recorders are described as independent devices here forthe purpose of clarifying the description, which shall not be understoodthat independent recorders are always required in actual embodiments.

In the processor 25, a control function 115 stays resident, and thecontrol function 115 controls input and output of data to and from aterminal device 60 and startup and exit of the following functions aswell: a format management function 100; an irreversible ciphermanagement function 105; and an irreversible cipher verificationfunction 110. In addition, a recording unit 30 stores the formatmanagement function 100, the irreversible cipher management function 105and the irreversible cipher verification function 110.

The irreversible cipher management function 105 is a program thatacquires an irreversible cipher by entering a file to the irreversiblecipher processor 40. When verification of an irreversible cipher that isacquired by the irreversible cipher management function 105 and anirreversible cipher that is stored in the identity data recorder 50, theirreversible cipher management function 105 temporarily stores theirreversible cipher thus acquired. When the verification is notexecuted, the irreversible cipher management function 105 records thefile and the acquired irreversible cipher on the file recorder 45 andthe identity data recorder 50, respectively.

The irreversible cipher verification function 110 compares a valueencrypted by the irreversible cipher management function 105 and anirreversible cipher that is stored in the identity data recorder 50 andreturns a result of judgment as to whether the two irreversible ciphersmatch with each other. When the two irreversible ciphers match with eachother, if a file that is formatted as required by an operator of theterminal device 60 further exists, the irreversible cipher verificationfunction 110 extracts the original file that is associated with theirreversible cipher of the original file stored in the identity datarecorder 50 and temporarily stores the original file extracted.

The terminal device 60 is a terminal unit that is used by a user. Theuser executes transmission and reception of data and a file with thedata identity verification device 10 via the terminal device 60. Theterminal device 60 includes a transmission/reception unit and an I/Ounit that are not shown in the figure. It is to be noted that, in FIG.2, only one unit of terminal device is shown for convenience, which doesnot mean that the number of terminal units is limited. In addition, withthe embodiment, transmission and reception of data and a file areconducted on a WWW server and a browser, presuming the case where suchtransmission and reception of data and a file between the data identityverification device 10 and the terminal device 60 which is a customerterminal unit. However, the present invention is not limited to such amethod.

FIG. 6 shows a flow chart describing processing of the data identityverification device 10. First, in Step 205, when access is made from theterminal device 60, a judgment is made based on the customer managementID of a user as to whether such access is a verification request from auser (e.g. the company B or the company C). If the access is averification request, the process is advanced to Step 215. If the accessis not a verification request (for example, a case where it is a fileregistration request from the company A), the file for whichregistration is requested is converted into a file of a given format andregistered in Step 210. In Step 215, an irreversible cipher is generatedfor each of the file for which registration is requested and theformat-converted file and the ciphers are registered. In Step 225, whenan access is made from the terminal unit 60, a judgment is made based onthe customer management ID of a user as to whether such access is averification request from a user (e.g. the company B or the company C).If the access is a verification request, an irreversible cipher isgenerated for the file for which registration is requested. Then, theirreversible cipher thus generated is compared with the irreversiblecipher that is generated based on the file for which registration isrequested (from the company A) (or the file concerned which is convertedinto a file having the same format as the file for which verification isrequested).

FIG. 7 shows a flow chart describing processing of the format managementfunction 100. An operator who is not shown in FIG. 7 logs in the dataidentity verification device 10 from the terminal device 60, enters thecustomer management ID of a customer, and transmits a file. When the IDis not an ID to indicate verification with an irreversible cipher storedin the identity data recorder 50, the control function 115 starts up theformat management function 100 (Step 300). When the ID is an ID toindicate the verification, the irreversible cipher management function105 is started up (Step 405).

Here, a recorder that manages and stores IDs by associating an ID forverification purpose and an ID for non-verification purpose with acustomer who logs in the terminal device 60 is required separately.However, such a recorder will not be shown in FIG. 7. In addition, theoperator may be the customer, or alternatively, a third-partyinstitution such as a public or private service trader that can betrusted for storing a file or data of such customer. Further, thethird-party institution may sometimes put data from a customer into afile for use of the service in the embodiment.

Furthermore, there may be a case where the operator is a customer at thetransmission and reception destination of a file who directly transmitsand receives a file that is converted into a format associated with theoriginal file to and from a customer who created the original file andthe data. Transmission of a file by the customer at the transmission andreception destination of a file from the terminal device 60 means thecustomer has a verification ID. In addition, when the validation resultof a file transmitted by the customer at the transmission and receptiondestination of a file is true, it is possible to request the customer toreturn the file in a format that is different from the file transmitted.In this case, the data in which the file format to be requested isexpressed in the file extension is entered together with the file to betransmitted. For example, the file extension “doc” means the Wordformat, while “txt” means the text format.

Next, the format management function 100 searches the conversiondefinition recorder 55 for a format to be converted, based on theextension of the original file transmitted from the terminal device 60(Step 315), and then extracts the extension of the format to beconverted (Step 320). Next, the extensions of the original file and theconversion format extracted are entered to the format conversionprocessor 41 in which a program that can convert a format into anintended format stays resident (Step 330). Further, when a plurality offormats to be converted exist, the above-stated procedures will berepeated.

Next, the converted file is acquired from the format conversionprocessor 41 (Step 335), the file is stored in a volatile memory(hereinafter simply referred to as a “memory”) (Step 341), and theend-of-program notification is output to the control function 115 (Step345). The control function 115, upon receiving the end-of-programnotification (Step 305), then starts up the irreversible ciphermanagement function 105 (Step 400 on the following drawing).

FIG. 8 shows a flow chart describing processing of the irreversiblecipher management function 105. The irreversible cipher managementfunction 105 has an input value from the format management function 100,or alternatively, it sometimes has a file and data inputted from theterminal device 60. The irreversible cipher management function 105inputs a formatted file acquired by the format management function 100or a file inputted from the terminal device 60 to the irreversiblecipher processor 40 (Step 425). The irreversible cipher processor 40generates an irreversible cipher that corresponds to the file inputtedand stores the cipher (Step 430).

Thereafter, when an ID showing a verification request is inputted to theirreversible cipher management function 105 (for example, a verificationrequest is made by the company B or the company C), the irreversiblecipher of the file for which verification is required is stored in amemory to compare the irreversible cipher with the irreversible cipherstored in the identity data recorder 50 (Step 450). The process is thenadvanced to the next step.

When the irreversible cipher management function 105 does not have an IDrequesting for verification, the registrant of the file, the extensionof the file, the irreversible cipher and the file are registered in aregistration file recorder (Step 440), and the original file and theirreversible cipher of the converted file are registered in the identitydata recorder 50 (Step 445).

It should be noted that, regarding the original file, the fileregistrant will be an ID for management of a customer who logs in theterminal device 60, and, regarding the format-converted file, the fileregistrant will be an ID showing the system (Refer to FIG. 3). Here, arecorder to manage and store IDs by associating the IDs with a loggingin customer or a system is required separately. However, with theembodiment, such a recorder will not be shown in the drawing.

The control function 115 which has received an end-of-programnotification, when having an ID to request verification, starts up theirreversible cipher verification device 110 (Step 500), and, when nothaving an ID to request verification, terminate the process (Step 460).

FIG. 9 shows a flow chart describing processing of the irreversiblecipher verification device 110. The irreversible cipher verificationdevice 110 compares an irreversible cipher stored in a memory and anirreversible cipher stored in the identity data recorder 50 by using theirreversible cipher management function 105 (Step 520) and judgeswhether the two ciphers match or not (Step 525). If they do not matchwith each other, a message of mismatch is output (Step 530). If theymatch with each other, the process is advanced to the next step.

Next, the irreversible cipher verification device 110 extracts anirreversible cipher of the original file having the matched irreversiblecipher from the identity data recorder 50, and stores the registrant,the extension and the registration date of the original file having theirreversible cipher in a memory from the file recorder 45 (Step 535).

Next, the irreversible cipher verification device 110 judges whether ornot another file format to be requested exists (Step 540). When anotherfile format to be requested does not exist, the irreversible cipherverification device 110 outputs an end-of-program notification to thecontrol function 115 (Step 560). When another file format to berequested exists, the process is advanced to the next step.

The irreversible cipher verification device 110 extracts the extensionof the file that is inputted as another file format to be requested andthe converted file having the same extension that is associated with theoriginal file stored in the file recorder 45 (Step 550), and stores theextension and the converted file in a memory (Step 555). Here, arecorder that manages and stores IDs of the original file and theconverted files that are associated with the original file is requiredseparately. However, with the embodiment, such a recorder will not beshown in the drawing.

The irreversible cipher verification device 110 outputs anend-of-program notification to the control function 115 (Step 560). Theirreversible cipher verification device 110, upon receiving theend-of-program notification, if validation result stored in the memoryas well as the file format requested and having true validation resultexist in the terminal device 60, transmits the requested file andterminates the process (Step 510).

As stated above, according to the embodiment, it is possible to realizeidentity certification which is mandatory for storage service ofdocument data to be exchanged among business traders and businessdocuments such as a certificate of tax payment by using a simple system,since confirmation of identity can be easily executed while allowing abroad range of file formats.

1. A document data identity verifying apparatus which verifies identityof document data, said apparatus comprising: an I/O unit which receivesdocument data in a first format from a creation source of the documentdata and receives the document data in the first format or said documentdata which is converted in another format from a reception source ofsaid document data; a format management unit which converts the documentdata in the first format received into another format according to apreset conversion definition; an irreversible cipher management unitwhich generates an irreversible cipher on the document data received; afile recorder which records a registrant ID, a document format, and theirreversible cipher associated with the document data; an irreversiblecipher verification unit which verifies an irreversible cipher that isgenerated based on the document data in the first format received fromsaid creation source or the document data converted into another formatby said format management unit and an irreversible cipher that isgenerated based on document data received from a reception source; andan identity data recorder in which the irreversible cipher generated onthe document data in the first format or the irreversible ciphergenerated on the document data that is converted into said anotherformat by said format management unit and the irreversible ciphergenerated based on the document data from the reception source areassociated with each other for storage, wherein a request from thereception source is judged whether the request is a file request or averification request according to an identifier of the reception source,wherein identity of the document data received from said creation sourceand the document data received from said reception source is validated,and wherein said irreversible cipher verification unit, when results ofsaid verification match with each other, searches said identity datarecorder for document data converted into a format different from thatof the document data received from the reception source, and transmitsthe document data searched out according to the request from thereception source.
 2. The document data identity verifying apparatusaccording to claim 1, wherein, when results of said verification matchwith each other, said irreversible cipher verification unit transmitsdocument data which is converted into a format different from that ofthe document data received from the reception source according to arequest from the reception source.
 3. The document data identityverifying apparatus according to claim 1, said apparatus furthercomprising: a conversion definition recorder in which a format that isconvertible for each format of a document received from a documentcreation source is selected and recorded in advance.
 4. The documentdata identity verifying apparatus according to claim 1, said apparatuscomprising: a file recorder which stores the document data in the firstformat received from said creation source of the document data.
 5. Adocument data identity verification method which verifies identity ofdocument data, said method comprising the steps of: receiving documentdata in a first format from a creation source of the document data;converting the received document data in the first format into anotherformat according to a preset conversion definition; generating anirreversible cipher for each of the document data in the first formatand the document data converted into another format; recording aregistrant ID, a document format, and the irreversible cipher associatedwith the document data; receiving the document data in the first formator said document data that is converted to another format from areception source of the document data; generating an irreversible cipherbased on the document data received from said reception source;verifying an irreversible cipher generated based on the document datareceived from said creation source of the document data and anirreversible cipher generated based on the document data received fromsaid reception source; recording the irreversible cipher generated onthe document data in the first format from the creation source and theirreversible cipher generated on said document data converted into saidanother format; associating in a storage the irreversible ciphergenerated on the document data in the first format from the creationsource and the irreversible cipher generated on said document dataconverted into said another format; judging a request from the receptionsource as to whether the request is a file request or a verificationrequest according to an ID of the reception source; when results of saidverification match with each other, searching said identity datarecorder for document data converted into a format different from thatof the document data received from the reception source; andtransmitting the document data searched out according to the requestfrom the reception source, wherein identity of the document datareceived from said creation source and the document data received fromsaid reception source is verified according to verification results. 6.Then document data identity verification method according to claim 5,wherein, when the verification results match with each other, thedocument data converted into a format different from that of thedocument data received from said reception source is transmittedaccording to a request from said reception source.
 7. The document dataidentity verification method according to claim 5, wherein, a formatwhich is convertible for each of documents transmitted from the documentcreation source is recorded in a recorder, and the step executing saidconversion executes conversion according to recorded data in saidrecorder.
 8. A memory medium which stores a document data identityverifying program that operates a computer as means for: receivingdocument data in a first format from a creation source of the documentdata; converting the received document data in the first format intoanother format according to a preset conversion definition; generatingan irreversible cipher for each of the document data in the first formatand the document data converted into another format; receiving thedocument data in the first format or said document data that isconverted to another format from said reception source of the documentdata; generating an irreversible cipher based on the document datareceived from said reception source; and verifying an irreversiblecipher generated based on the document data received from said creationsource of the document data and an irreversible cipher generated basedon the document data received from said reception source; recording theirreversible cipher generated on the document data in the first formatfrom the creation source and the irreversible cipher generated on saiddocument data converted into said another format; associating in astorage the irreversible cipher generated on the document data in thefirst format from the creation source and the irreversible ciphergenerated on said document data converted into said another format;judging a request from the reception source as to whether the request isa file request or a verification request in accordance with an ID of thereception source; when results of said verification match with eachother, searching said identity data recorder for document data convertedinto a format different from that of the document data received from thereception source; and transmitting the document data searched outaccording to the request from the reception source, wherein identity ofthe document data received from said creation source and the documentdata received from said reception source is verified according toverification results.